<?
	class mail
	{
		private $db_link;

		private $default_has_dspam = "0";
		
		function __construct()
		{
			$this->db_link = $_SESSION['portiqus']->getDB();
		}
		
		public function Run()
		{
			$was_soll_ich_machen = $_GET['run'];
			$womit = $_GET['was'];

			if (isset($was_soll_ich_machen)) 
			{
				switch($was_soll_ich_machen)
				{
					case "edit":
						if (isset($womit))
						{
							if ( isset($_POST['login']) && isset($_POST['password']) )
							{
								if ( ($_POST['login'] != "") && ($_POST['password'] != "") )
								{
									$this->_doUpdateUser($womit, $_POST['login'], $_POST['password'], $_POST['has_dspam'], $_POST['password_ist_unchanged'], $_POST['alias_aendern']);
								}
								else
								{
									$this->_doEditUser($womit);
								}
							}
							else
							{
									$this->_doEditUser($womit);
							}
						}
						break;
					case "delete":
						if (isset($womit))
						{
							// ($id_user, $aliase_loeschen, $ja_ich_will)
							$this->_doDeleteAt($womit, $_POST['aliase_loeschen'], $_POST['force']);
						}
						break;
					case "new":
						if ( isset($_POST['login']) && isset($_POST['password']) )
						{
							if ( ($_POST['login'] != "") && ($_POST['password'] != "") )
							{
								$this->_doInsertUser($_POST['login'], $_POST['password'], $_POST['has_dspam']);
							}
							else
							{
								$this->_doAddNew();
							}
						}
						else
						{
							$this->_doAddNew();
						}
						break;
					case "check":
						if (isset($womit) && ($womit != ""))
						{
							$this->_doCheckUser($womit);
						}
						break;
					default:
						break;
					}
			}
			else
			{
				$this->_displayAll();
			}
		}

		function _doDeleteAt($id_user, $aliase_loeschen, $ja_ich_will)
		{
			if ($ja_ich_will != "true")
			{
				$query_user = "SELECT login FROM user;";
				$result_user = mysql_query($query_user, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
  		?>
			<div id="inhalt">
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		<br><br>
  		<!-- <div id="inhalt"> -->
  			<form method="POST" action="" name="neuer_account">
  				<input type="hidden" name="force" value="true">
  				<table border="0" cellspacing="3" cellpadding="0" width="550">
  					<tr><td>Aliase loeschen</td><td align="right"><input type="radio" name="aliase_loeschen" value="true" checked></td><td></td></tr>
  					<tr><td>Aliase ersetzen</td><td align="right"><input type="radio" name="aliase_loeschen" value="false"></td><td></td></tr>
  					<tr><td>&nbsp;durch</td><td align="right">
  						<select name="alias_from_domain" size="1">
  						<?
								while ($line_user = mysql_fetch_array($result_user, MYSQL_ASSOC))
								{
									print "<option>" . $line_user['login'] . "</option>";
								}
							?>
							</select>
 						</td><td></td></tr>
  					<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Ja, ich will"></td></tr>
  				</table>
  			</form>
  		</div>
  		<?
			}
			else
			{
				// auch die alias loeschen!
				if (  preg_match('/^[0-9]{1,2}$/', $id_user) )
				{
					if ($aliase_loeschen == "true")
					{
						// aliase loeschen
						$query = "SELECT login FROM user WHERE id_user='" . mysql_escape_string($id_user) . "';";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						$line = mysql_fetch_array($result, MYSQL_ASSOC);
						
						$query = "DELETE FROM alias WHERE alias_to='" . $line['login'] . "';";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
					}
					else
					{
						// aliase aendern auf
						if (isset($_POST['alias_from_domain']) && $_POST['alias_from_domain'] != "")
						{
							$query = "SELECT login FROM user WHERE id_user='" . mysql_escape_string($id_user) . "';";
							$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
							$line = mysql_fetch_array($result, MYSQL_ASSOC);
							
							$query = "UPDATE alias SET alias_to='" . $_POST['alias_from_domain'] . "' WHERE alias_to='" . $line['login'] . "';";
							$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						}
					}
					
					$query = "DELETE FROM user WHERE id_user='" . mysql_escape_string($id_user) . "';";
					$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
					
					$this->_displayAll();
				}
				else
				{
					print "Achtung SQL-Injection: Bitte lass das!";
					exit;
				}
			}
		}

		function _doInsertUser($login, $pass, $has_dspam)
		{
			if ( preg_match('/^[0-9a-zA-Z]{1,}$/', $login) && preg_match('/^[0-9a-zA-Z]{1,}$/', $pass))
			{
				if ($has_dspam == "true")
				{
					$query = "INSERT INTO user (login, password, has_dspam) VALUES ('" . mysql_escape_string($login) . "', ENCRYPT('" . mysql_escape_string($pass) . "'), '1');";
				}
				else
				{
					$query = "INSERT INTO user (login, password, has_dspam) VALUES ('" . mysql_escape_string($login) . "', ENCRYPT('" . mysql_escape_string($pass) . "'), '0');";
				}

				$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());

				$this->_displayAll();
			}
			else
			{
				print "Achtung SQL-Injection: Bitte lass das!<br />";
				exit;
			}
		}
		
		function _doUpdateUser($id_user, $login, $pass, $has_dspam, $password_ist_unchanged, $alias_aendern)
		{
			if (  preg_match('/^[0-9]{1,2}$/', $id_user) )
			{
				if ( preg_match('/^[0-9a-zA-Z]{1,}$/', $login) && preg_match('/^[0-9a-zA-Z]{1,}$/', $pass) )
				{
					if ($alias_aendern == "true")
					{
						// alten login holen
						$query = "SELECT login FROM user WHERE id_user='" . $id_user . "';";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						$line = mysql_fetch_array($result, MYSQL_ASSOC);
						
						$old_login = $line['login'];
						
						$query = "SELECT id_alias, alias_from, alias_to FROM alias WHERE alias_to='" . $old_login . "';";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						
						// UPDATE alias
						while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
						{
							$query = "UPDATE alias SET alias_to='" . mysql_escape_string($login) . "' WHERE id_alias='" . $line['id_alias'] . "';";
							$rs = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						}
						
						// UPDATE DSpam
						$query = "SELECT uid FROM dspam_virtual_uids WHERE username='" . $old_login . "'";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
						$line = mysql_fetch_array($result, MYSQL_ASSOC);
						
						$query = "UPDATE dspam_virtual_uids SET username='" . mysql_escape_string($login) . "' WHERE uid='" . $line['uid'] . "';";
						$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
					}

					
					if ($has_dspam == "true")
					{
						$dspam = "1";
					}
					else
					{
						$dspam = "0";
					}
					
					if ($password_ist_unchanged == "true")
					{
						$query = "UPDATE user SET login='" . mysql_escape_string($login) . "', password='" . mysql_escape_string($pass) . "', has_dspam='" . $dspam . "' WHERE id_user='" . $id_user . "';";
					}
					else
					{
						$query = "UPDATE user SET login='" . mysql_escape_string($login) . "', password=ENCRYPT('" . mysql_escape_string($pass) . "'), has_dspam='" . $dspam . "' WHERE id_user='" . $id_user . "';";
					}
					
					$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
					$this->_displayAll();
				}
				else
				{
					print "Achtung SQL-Injection: Bitte lass das!";
					exit;
				}
			}
			else
			{
				print "Achtung SQL-Injection: Bitte lass das!";
				exit;
			}
		}
		
		private function _displayAll()
		{
			$query = "SELECT id_user, login, password, has_dspam FROM user ORDER BY id_user";
			$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());

			?>
				<div id="inhalt">
					<table border="0" cellpadding="0" cellspacing="0">
						<tr align=left><th width=50>id</th><th width=100>login</th><th width=150>DSpam-Filterung</th></tr>
					<?
						while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
						{
							print "<tr height=15>";
							print "\t\t<td align=left>" . $line['id_user'] . "</td>\n";
							print "\t\t<td align=left>" . $line['login'] . "</td>\n";
							if ($line['has_dspam'] == "1")
							{
								print "\t\t<td align=left>Ja</td>\n";
							}
							else
							{
								print "\t\t<td align=left>Nein</td>\n";
							}
							print '<td><a href="?action=mail&run=edit&was=' . $line['id_user'] . '">edit</a> <a href="?action=mail&run=delete&was=' . $line['id_user'] . '">delete</a></td></tr>';
						}
						
						mysql_free_result($result);
					?>
				</div>
				Verf&uuml;gbare Aktionen:<br>
				&nbsp;<a href="?action=mail&run=new">einen neuen E-Mail-Benutzer anlegen</a><br>
				oder<br>
				&nbsp;einen vorhandenen E-Mail-Benutzer editieren:<br><br>
			<?
  	}
  	
  	function _doAddNew()
  	{
  		?>
			<div id="inhalt">
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
  		<br><br>
  		<!-- <div id="inhalt"> -->
  			<form method="POST" action="" name="neuer_account">
  				<table border="0" cellspacing="3" cellpadding="0" width="550">
  					<tr><td>login</td><td align="right"><input type="text" name="login" value="" size="50" maxlength="50"></td><td></td></tr>
  					<tr><td>password</td><td align="right"><input type="text" name="password" value="" size="50" maxlength="50"></td><td align=right><a href="javascript:void(0)" onclick="javaScript:document.forms.neuer_account.password.value=getRealPassword();"><acronym title="Erstellt ein Zufallspassword mit 8 Zeichen.">[ZUFALL]</a></td></tr>
  					<tr><td>password ist unveraendert</td></td><td align=right><input type="checkbox" name="password_ist_unchanged" value="true" checked></td></tr>
  					<tr><td>DSpam ist aktiv</td></td><td align=right><input type="checkbox" name="has_dspam" value="true" checked></td></tr>
  					<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Erstellen"></td></tr>
  				</table>
  			</form>
  		</div>
  		<?
  	}
  	
  	function _doEditUser($id_user)
  	{
  		/*
  		TODO: Wenn der login geaendert wurde, muss natuerlich auch:
  		 (a) in der alias geaendert werden
  		 (b) im filesystem
  		*/
  		if (  preg_match('/^[0-9]{1,2}$/', $id_user) )
  		{
				$query = "SELECT login, password, has_dspam FROM user WHERE id_user='" . $id_user . "';";
				$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
				$line = mysql_fetch_array($result, MYSQL_ASSOC)

	  		?>
				<div id="inhalt">
	  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
	  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
	  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
	  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
	  		lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
	  		<br><br>
	  		<!-- <div id="inhalt"> -->
	  			<form method="POST" action="#" name="neuer_account" onsubmit="return domain_check();">
	  				<table border="0" cellspacing="3" cellpadding="0" width="550">
	  					<tr><td>login</td><td align="right"><input type="text" name="login" value="<? print $line['login']; ?>" size="50" maxlength="50"></td><td></td></tr>
	  					<tr><td>password</td><td align="right"><input type="text" name="password" value="<? print $line['password']; ?>" size="50" maxlength="50"></td><td align=right><a href="javaScript:void(0)" onclick="javaScript:document.forms.neuer_account.password.value=getRealPassword()"><acronym title="Erstellt ein Zufallspassword mit 8 Zeichen.">[ZUFALL]</a></td></tr>
		  				<tr><td>password ist unveraendert</td></td><td align=right><input type="checkbox" name="password_ist_unchanged" value="true" checked></td></tr>
  						<tr><td>DSpam ist aktiv</td></td><td align=right><input type="checkbox" name="has_dspam" value="true" <? ($line['has_dspam'] == 1) ? print "checked" : print ""; ?> ></td></tr>
	  					<tr><td>Aliase ebenfalls aendern</td></td><td align=right><input type="checkbox" name="alias_aendern" value="true" checked></td></tr>
	  					<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Aktualisieren"></td></tr>
	  				</table>
	  			</form>
	  		</div>
	  		<?
	  		mysql_free_result($result);
	  	}
	  	else
	  	{
				print "Achtung SQL-Injection: Bitte lass das!<br />";
				exit;
	  	}
  	}
  	
		private function _doCheckUser($domain_name)
  	{
			$query = "SELECT login FROM user WHERE login='" . mysql_escape_string($domain_name) . "';";
			$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
			$line = mysql_fetch_array($result, MYSQL_ASSOC);
			// mysql_free_result($result);
			
			print $line['login'];
  	}
	}
?>